package com.dbf.forum.config;


import javax.inject.Inject;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.dbf.forum.user.service.UserService;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//	@Autowired
//	@Qualifier("CommonServiceImpl")
	
	@Inject
	private UserService userRepository;	
	
//	@Autowired
//	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//		auth
//			.inMemoryAuthentication()
//				.withUser("user").password("password").roles("USER");
//	}

	@Override
	public void configure(WebSecurity web) throws Exception {
		web
            .ignoring()
			.antMatchers("/**/*.jsp",
					"/**/*.html", //
                         "/css/**", //
                         "/js/**", //
                         "/i18n/**",// 
                         "/libs/**",//
                         "/img/**", //
                         "/webjars/**",//
                         "/ico/**");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
		    .authorizeRequests()
                .antMatchers("/api/public/**")
                .permitAll()
            .and()    
                .authorizeRequests()   
    			.antMatchers("/api/mgt/**")
    			.hasRole("ADMIN")
            .and()    
                .authorizeRequests()   
    			.antMatchers("/api/**")
    			.authenticated()
    		.and()
    			.authorizeRequests()   
    			.anyRequest()
    			.permitAll()
    		.and()
                .rememberMe()
                
            .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
            .and()
                .httpBasic()
            .and()
                .csrf()
                .disable();
	}
	@Override
	protected void configure(AuthenticationManagerBuilder auth)
			throws Exception {
		
		try
		{
			auth
				.userDetailsService(userRepository)
				.passwordEncoder(passwordEncoder());
			auth
			.inMemoryAuthentication()
				.withUser("user").password("password").roles("ADMIN");
		}catch(Exception e){
			e.printStackTrace();
		}

	}


	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	@Bean
	@Override
	public UserDetailsService userDetailsServiceBean() throws Exception {
		return super.userDetailsServiceBean();
	}

	@Bean
	public BCryptPasswordEncoder passwordEncoder() {
		BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
		return passwordEncoder;
	}

}
